An example of this is the weblog. While the more web-savvy participants amongst us are very familiar with the concept, there seems to be a lack of understanding of what blogs are about. Most dismiss them as diaries (which some blogs, like those hosted by LiveJournal, truly are) but fail to realize that there is a lot more going on in the space.

I recently had a chance to discuss emerging trends in technology with a number of Internet executives for large companies and was very surprised to see how quickly the weblog phenomenon is being dismissed. What I suspect is that this is largely the result of the complexity of weblogland, an area that is hard to really classify neatly in a few buzzwords. A world where Glenn Reynolds sits only a few clicks away from Mark Pilgrim or Alan Reiter is one that reflects only the diversity of opinions you can find in the web space, and the variety of subjects that are covered.

I suspect that what we are witnessing is a very quiet revolution in content publishing. For starters, most mainstream B2B publications are starting to loose ground to the web. The reason behind this is that information is more widely available in the only world, and at a much faster rate than in the print world. Furthermore, the costs related to printing and shipping weekly publications are much higher than those of setting up websites, even considering the high price of full content management solutions.

Meanwhile, individuals with particular knowledge of a field can set themselves up online for a relatively small amount of money and start producing content almost instantly. What is needed after that is some amount of personal marketing, which in itself is becoming much easier with the rise of social network sites like Ryze and LinkedIn. The next step in this new format for online publishing will be a revenue model. Some people have already tried taking donation and, increasingly, companies like Google are starting to aggregate advertising across networks of blogs. I suspect that, within the next five years, we probably will start seeing blogs appear as a new form of micro-publishing.

But what about the editors?

Of course, the discussion of weblogs as journalism inevitably leads to a discussion of the role of editors within the journalism field as a whole. However, the interesting thing happening in blogland is that the editing is actually distributed. To a large extend, services like Blogdex Daypop, and Popdex are starting to serve as basic editors in terms of automating the information on what story is seen as important across the web world. This level of automation is similar, in a way to that used by Google News and fills an important part of the editor’s job: setting the agenda. By aggregating data across blogland, those services use “blog populi” as their editor, essentially letting the aggregation of links set the basic agenda. What is important to a lot of blogger must be an important story and therefore deserves front page treatment.

The next role for the editor is in establishing whether facts are correct or wrong. This is largely done through a level of checks and balances in the blog world that can rival that of the best news organization. A story that is considered important by “blog populi” will get a lot of linkage and, using such technologies as trackback and comment system, will provide much in the way of corrections. As a result, discussions starting in one location can feed another, be criticized by a third one, and all and all present a fuller picture. However, a lot of system (including my own), do not offer trackback yet. Once all blogs do, this kind of fact checking could increase the overall value of the content. System like Technorati provide a good idea of what other people are saying about a particular entry. This, once again, goes to the fact checking nature of the editor’s role.

The Distribution Issue

The nature of online publishing is largely one of pull versus push. Few people actually receive news from web sites in the way they do from other media form. For example, I receive a newspaper every morning. This is what is called a push model. I subscribed to that newspaper and do not have to remember to go and buy it every day. However, in a pull model, I decide where to go to get my information. In a way, one could argue that broadcast falls under both categories: one decides what TV or radio station to pick up (pull) but once they did, the information is pushed to them. Similarly, one decides what address to type into the URL box on their browser. However, a small format called RSS allows to turn weblogs into push medium. Using a client called an RSS reader, one can subscribe to a weblog and, after that, receive abstracts from the weblogs on a regular basis. This model allows blog publishers to end up with more regular subscribers, and is key to the weblog world because these reminders do not require any extra work on the part of the reader to gather the information. As a result, one can grow his/her readership. I’d recommend that every publisher reading this look into the format and consider implementing it. There are some tremendous income opportunities there, ranging from publishing of highlights with text-advertising attached to them to offering customized RSS feeds for an extra fee.

Journalism or not?

So, in the final analysis, some blogs are emerging as a new form of journalism, while others do fall squarely in the world of diary. As a result, they can be used as useful knowledge management tool and potentially micro-publishing platform.

Tristan Louis is the founder and CEO of Keepskor and writes the influential tnl.net weblog, where this was initially posted under the title Silent Revolution. You can follow him on twitter here or receive his weekly newsletter by subscribing here.

The AIM client allows any users on the Internet to create a “buddy list” and carry on text-based chat with other people on their buddy list. With 27 million AOL users and 21 million registered AIM users, America Online has become the leading provider of instant messaging software, dwarfing its competitors in terms of user base. According to MediaMetrix, Yahoo Messenger is the second most popular instant messaging client, with 10.6 million users, followed by Microsoft’ MSN Messenger, with 10.3 million registered users.

AOL has aggressively promoted its AIM messaging platform as a corporate tool, cutting deals with Novell and Lotus to incorporate it in their offerings. However, its focus on security issues has not been as strong as its marketing. In the past AOL has covered up security breaches instead of being forthcoming about them, said Dave Cassel, editor of the AOL Watch Newsletter, an email mailing list sent out to 50,000 subscribers.

Two areas in which AIM security has already been compromised are password theft and buffer overflow, a way for hackers to remotely crash a computer system by sending a certain set of characters to an AIM client. Furthering the problem is the fact that the client does not need to be running at the time in order to be exploited. Simply installing it on a machine is enough to expose it to the buffer overflow problem.

In January 2000, hackers were coming to the press with that problem because they wanted the buffer overflow security hole closed, said Cassel. But AOL didn’t respond so the hackers thought that negative press would spur AOL into action. After I wrote an article about it, AOL said they would close the hole but in December 2000, the hole could still be exploited.

In December, @Stake, an Internet security consulting firm, issued a security advisory about the buffer overflow problem. In it, the company described how a hacker could use the AIM client to shutdown a computer or execute local commands on the victim’s desktop.

The issue was fixed, said Nicholas Graham, a spokesperson for AOL. We encourage our users to upgrade but it’s not an issue at this point.

Weld Pond, manager of research and development for @Stake, added that while the December issue was not exactly the same one as the January one, it did fall into the same class of problems. What that illuminates is the fact that they are not using secure policies, he said. It’s sort of like finding out that one of your windows has no lock and not going around to check the other windows.

We answer instances of security on a case by case basis, defends Graham. Our latest client is the most secure one to date and we intend to continue providing a more robust and more secure client as time goes on.

Buffer overflow and the hijacking of AIM screen names have been problems since AIM was introduced a few years back, said an active AOL hacker who preferred to remain anonymous. Product integrity and security has never been a specialty of AOL and this is very obvious from the numerous exploits I and others have found in the service in the past three years.

While AOL has issued a new version of its client correcting the problem, the security risks posed by the AIM client should remain a concern among system administrators. The funny thing is that upgrading to the most recent version of AIM solves nothing, said the hacker. Most of the exploits are what we call server side hacks, which means the software client has nothing to do with the hack at all. The buffer overflow hack was the only major hack so that involved the actual client software.

Some of my buddies used the hijacked AIM accounts to carry on fake conversations with the friends of the person who originally owned it. The conversations resulted in my buddies tricking the real owner’s friends into providing personal information and even credit card information. People have no reason to believe that accounts have been hacked unless the real owner notifies them.

This was the problem that Habeeb Dihu, a senior principal at Diamond Cluster, an ebusiness consulting firm., encountered when a hacker kidnapped his instant messenger ID. I was working on the Covisint deal, he said, referring to the B2B exchange developed by General Motors, Chrysler, Ford, Oracle, and Commerce One.

Because we have consultants working at several clients, the way we keep in touch with each others is through instant messaging. Somewhere in the middle of the Covisint deal, my AIM screen ID got hacked. Someone masqueraded as me and started to talk to my coworkers. I took care of it by alerting all my co-workers but AOL was very unresponsive in terms of tech support. I was completely ignored by the support people there and was finally contacted by the head of press relations for AOL after I talked to the press. Relative to how much AIM is used in the corporate world, the security behind this thing is abysmal.

Following the incident, the company instituted a review of different instant messaging solutions and standardized on Yahoo’s Instant Messenger. Despite the fact that you could have some ID theft issue behind Yahoo, no one has managed to hack into the yahoo user database to the extent of the problems with MSN and AOL, he added. We looked at Yahoo’s corporate solution but the cost of corporate yahoo was prohibitive compared to the free products available out there, he said, adding that his company has been involved in the development of Jabber, another IM client. Our hope is that jabber will increase security and we’ll be able to migrate there but it’s not quite there yet in terms of robust user interface for non technical people.

Instant Messaging is used as much if not more than email these days in the corporate world. The lack of security and lack of completeness in the solution is pretty alarming from my perspective. The only messaging solution that hasn’t been hacked is Yahoo’s and it’s only a matter of time before it happens.

If you just want to talk to people in your company, you’re better off using some other piece of software that wouldn’t be under as much scrutiny from hackers, said Cassel.

Using a third party to do your corporate communication that has no legal standing is a dangerous thing, said Pond. Unlike the phone, it’s unregulated and insecure. When you are using AOL IM, you’re sending your communication in the clear over the Internet to AOL’s server and back, whether you are talking to someone in a remote location or in the office next door. People think of it as the phone but they shouldn’t. AOL has full control of communication for corporations who use AIM for communication.

We’re moving to a world were there are more and more clients that people are running on their machines, out of the control of the IT department. Companies should set security policies set up at corporate level and work on an approval process for those clients.

However, there’s no one size fits all solution. Different environments can put the expense out there to create more secure environments. Thinking you can sort of read about a security problem and know what the best solution is without taking the environment into consideration is not possible.

There are far better products out there such as MSN Messenger and Yahoo Messenger, said the hacker. But these products haven’t taken off in popularity due to AOL’s huge market share. These other products are far more secure and reliable than the AIM service. Any hacker will tell you this.

Network managers can solve the issue by either blocking out connection to the AOL IM servers or install different clients on their users’ desktops. Groove is doing a similar kind of tool but it’s an encrypted chat in a peer to peer environment, which ends up being more secure, said Pond.

If you have to use it, spend as little time as possible on it, adds Cassel. When I’m through with my messaging conversation, I close it out the software in both my window and my tray. Yes, I can’t be messaged but I also can’t be hacked. I just keep my email window open and then people can reach me that way. Your email client is definitely more secure than IM.”

Tristan Louis is the founder and CEO of Keepskor and writes the influential tnl.net weblog, where this was initially posted under the title AIM Not Secure. You can follow him on twitter here or receive his weekly newsletter by subscribing here.

Bye Bye Boo!

You may have heard the rumors so let me confirm my departure from Boo after less than six months. The call was as to whether I wanted to work exclusively out of the UK or stay in the US. When presented with such a scenario, I decided that I would be better off working in the US only and, as a result, have left Boo. It wasn’t an easy decision as I enjoyed working with the folks at Boo but didn’t feel that it would be right for me to move to the UK for a couple of reasons: first of all, I like New York a lot more than I do London. This is a purely personal judgment call but after having spent several months in London, I know that it’s not a city I want to live in. Second, I have spent a lot of time establishing a ground base in the US. As many of you know, I’m French and have bumped around the world for quite a few years before finally settling down in New York. Since I did not intend to uproot myself again, there was not much choice. And last but not least, I think Boo has challenges to address that top management is unwilling to address. So I left.

Now you’re probably wondering what I’m up to next, so here goes…

A new company: Moveable Media

In late 1999, an idea started brewing in my mind about the potential to form a B2B and E-commerce consulting company around new concepts that pulls from my experience. While I can’t give more details right now, let me just say that I’m starting my own company. It’s called Moveable Media and will be very different from the current offerings out there on the Internet.

However, the business plan is quite strong and I already have had discussions with parties interested in backing me financially. As a result, I am now making the jump that so many have made before and starting my own company, which will launch its first offering this year (in 2000).

While the company is still in its embryonic state, I am looking to fill a few positions, including that of CTO so if you know anyone that might be interested in joining a dynamic, New York based start up headed by an Internet veteran (yes, folks, I have now officially landed that title, having been in the industry for 7 years), send them my way.

Many of the people I consulted about this have been asking me why it took me so long to make the jump back into entrepreneurdom. Well, the reason is really quite simple: I needed to get some experience. Having worked around C-level people for the better part of the last decade, I now feel that I’ve learned enough to build a reasonably successful company.

The TNL.net newsletter

You may have noticed a small change of direction in terms of the TNL.net newsletter. Instead of just covering new applications, I’ve recently sent out dispatches on industry events such as the AOL-Time Warner merger and the Transmeta announcement. In a way, this is more of a return to my analytical roots. As a result, I will send out more analytical pieces along with the regular offering of cool new technologies I uncover.

You may also have noticed that the frequency of this newsletter seems to have increased a little, with this already being the third dispatch this year (whereas last year saw about a dispatch a month). This is part of my effort to offer you something more current and I will try to make sure that you get better updates in general. So enjoy it and feel free to tell me whether I’m right or wrong in my approach with this. After all, it’s all about learning.

Tristan Louis is the founder and CEO of Keepskor and writes the influential tnl.net weblog, where this was initially posted under the title TNL News Update: Leaving Boo. You can follow him on twitter here or receive his weekly newsletter by subscribing here.